This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
{"id": "DEBIANCVE:CVE-2022-2164", "vendorId": null, "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2022-2164", "description": "This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", "published": "2022-06-21T20:00:15", "modified": "2022-06-21T20:00:15", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2022-2164", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2022-2164"], "immutableFields": [], "lastseen": "2022-07-04T02:04:36", "viewCount": 1, "enchantments": {"vulnersScore": "PENDING"}, "_state": {}, "_internal": {}, "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "chromium_103.0.5060.53-1_all.deb", "packageVersion": "103.0.5060.53-1", "operator": "lt", "status": "resolved", "packageName": "chromium"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "chromium_99.0.4844.74-1~deb11u1_all.deb", "packageVersion": "99.0.4844.74-1~deb11u1", "operator": "lt", "status": "resolved", "packageName": "chromium"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "chromium_89.0.4389.114-1~deb10u1_all.deb", "packageVersion": "89.0.4389.114-1~deb10u1", "operator": "le", "status": "open", "packageName": "chromium"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "chromium_103.0.5060.53-1_all.deb", "packageVersion": "103.0.5060.53-1", "operator": "lt", "status": "resolved", "packageName": "chromium"}]}
{"veracode": [{"lastseen": "2022-06-28T07:57:42", "description": "chromium is vulnerable to privilege escalation. Remote attackers are able to cause privilege escalation.\n", "cvss3": {}, "published": "2022-06-26T16:55:27", "type": "veracode", "title": "Privilege Escalation", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2164"], "modified": "2022-06-27T09:06:36", "id": "VERACODE:36126", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36126/summary", "cvss": {"score": 0.0, "vector": "NONE"}}], "mscve": [{"lastseen": "2022-06-23T18:04:45", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {}, "published": "2022-06-23T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-2164 Inappropriate implementation in Extensions API", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-2164"], "modified": "2022-06-23T07:00:00", "id": "MS:CVE-2022-2164", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2164", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": [{"lastseen": "2022-06-23T20:02:19", "description": "\n\nChrome Releases reports:\n\nThis release contains 14 security fixes, including:\n\n[1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11\n[1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19\n[1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29\n[1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. 
Reported by David Erceg on 2020-08-14\n[1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30\n[1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19\n[1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21\n[1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by Jos\u00e9 Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10\n[1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19\n\n\n\n", "cvss3": {}, "published": "2022-06-21T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-21T00:00:00", "id": "B2A4C5F1-F1FE-11EC-BCD2-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-06-29T16:35:21", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 103.0.5060.53 (boo#1200783)\n\n * CVE-2022-2156: Use after free in Base\n * CVE-2022-2157: Use after free in Interest groups\n * CVE-2022-2158: Type Confusion in V8\n * CVE-2022-2160: Insufficient policy enforcement in DevTools\n * CVE-2022-2161: Use after free in WebApp Provider\n * CVE-2022-2162: Insufficient policy enforcement in File System API\n * CVE-2022-2163: Use after free in Cast UI and Toolbar\n * CVE-2022-2164: Inappropriate implementation in Extensions API\n * CVE-2022-2165: Insufficient data validation in URL formatting\n\n\nPatch 
Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10035=1", "cvss3": {}, "published": "2022-06-29T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-29T00:00:00", "id": "OPENSUSE-SU-2022:10035-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RFQ3I5UT56IYLUPIBNVXMKHLCHYQ22Z4/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-06-29T16:35:21", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 103.0.5060.53 (boo#1200783)\n\n * CVE-2022-2156: Use after free in Base\n * CVE-2022-2157: Use after free in Interest groups\n * CVE-2022-2158: Type Confusion in V8\n * CVE-2022-2160: Insufficient policy enforcement in DevTools\n * CVE-2022-2161: Use after free in WebApp Provider\n * CVE-2022-2162: Insufficient policy enforcement in File System API\n * CVE-2022-2163: Use after free in Cast UI and Toolbar\n * CVE-2022-2164: Inappropriate implementation in Extensions API\n * CVE-2022-2165: Insufficient data validation in URL formatting\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10036=1", "cvss3": {}, "published": "2022-06-29T00:00:00", "type": "suse", "title": 
"Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-29T00:00:00", "id": "OPENSUSE-SU-2022:10036-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SUIIAMNE5ZGO2NZSXKZINOMI3IDGX2NA/", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2022-06-30T04:18:57", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10036-1 advisory.\n\n - Use after free in Base. (CVE-2022-2156)\n\n - Use after free in Interest groups. (CVE-2022-2157)\n\n - Type Confusion in V8. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-2160)\n\n - Use after free in WebApp Provider. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting. 
(CVE-2022-2165)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-06-29T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10036-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10036-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162606", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10036-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162606);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/29\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10036-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10036-1 advisory.\n\n - Use after free in Base. (CVE-2022-2156)\n\n - Use after free in Interest groups. (CVE-2022-2157)\n\n - Type Confusion in V8. 
(CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-2160)\n\n - Use after free in WebApp Provider. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting. (CVE-2022-2165)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200783\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SUIIAMNE5ZGO2NZSXKZINOMI3IDGX2NA/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c6e48ea\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-103.0.5060.53-bp153.2.104.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-103.0.5060.53-bp153.2.104.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.53-bp153.2.104.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.53-bp153.2.104.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) 
rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-01T22:57:09", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-06-23T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-07-01T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_B2A4C5F1F1FE11ECBCD23065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/162512", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# 
are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162512);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/01\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0253\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a2f31f8\");\n # https://vuxml.freebsd.org/freebsd/b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?89ce02d9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<103.0.5060.53'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T00:18:23", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5168 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-06-23T00:00:00", "type": "nessus", "title": "Debian DSA-5168-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-23T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", 
"p-cpe:2.3:a:debian:debian_linux:chromium:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:chromium-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:chromium-driver:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:chromium-l10n:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:chromium-sandbox:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:chromium-shell:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-5168.NASL", "href": "https://www.tenable.com/plugins/nessus/162505", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5168. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162505);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/23\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n\n script_name(english:\"Debian DSA-5168-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5168 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2156\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.53-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/22\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! 
preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '103.0.5060.53-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '103.0.5060.53-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '103.0.5060.53-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '103.0.5060.53-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '103.0.5060.53-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '103.0.5060.53-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T18:17:33", "description": "The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.53. 
It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop_21 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-06-21T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.53 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-07-04T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_103_0_5060_53.NASL", "href": "https://www.tenable.com/plugins/nessus/162422", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162422);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/04\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0253\");\n\n script_name(english:\"Google Chrome < 103.0.5060.53 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.53. 
It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop_21 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a2f31f8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1335458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1321078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1116450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1330289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1307930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1308341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1268445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1250993\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.53 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'103.0.5060.53', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T18:17:18", "description": "The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.53. 
It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop_21 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-06-21T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.53 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-07-04T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_103_0_5060_53.NASL", "href": "https://www.tenable.com/plugins/nessus/162421", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162421);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/04\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0253\");\n\n script_name(english:\"Google Chrome < 103.0.5060.53 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.53. 
It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop_21 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a2f31f8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1335458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1321078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1116450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1330289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1307930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1308341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1268445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1250993\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.53 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'103.0.5060.53', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-30T17:56:13", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10035-1 advisory.\n\n - Use after free in Base. (CVE-2022-2156)\n\n - Use after free in Interest groups. (CVE-2022-2157)\n\n - Type Confusion in V8. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-2160)\n\n - Use after free in WebApp Provider. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting. 
(CVE-2022-2165)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-06-30T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10035-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.4"], "id": "OPENSUSE-2022-10035-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162616", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10035-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162616);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/30\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10035-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10035-1 advisory.\n\n - Use after free in Base. (CVE-2022-2156)\n\n - Use after free in Interest groups. (CVE-2022-2157)\n\n - Type Confusion in V8. 
(CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-2160)\n\n - Use after free in WebApp Provider. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting. (CVE-2022-2165)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200783\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RFQ3I5UT56IYLUPIBNVXMKHLCHYQ22Z4/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2f4426fb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-103.0.5060.53-bp154.2.11.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-103.0.5060.53-bp154.2.11.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.53-bp154.2.11.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.53-bp154.2.11.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = 
package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-03T16:39:15", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.37. It is, therefore, affected by multiple vulnerabilities as referenced in the June 23, 2022 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2022-06-23T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 103.0.1264.37 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-30192", "CVE-2022-33638", "CVE-2022-33639"], "modified": "2022-06-30T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_103_0_1264_37.NASL", "href": "https://www.tenable.com/plugins/nessus/162503", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162503);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/30\");\n\n script_cve_id(\"CVE-2022-33639\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 103.0.1264.37 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.37. It is, therefore, affected\nby multiple vulnerabilities as referenced in the June 23, 2022 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#june-23-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2b2d4e0f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30192\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33638\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 103.0.1264.37 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-33639\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '103.0.1264.37' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2022-06-24T22:00:34", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5168-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 22, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 \n CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 \n CVE-2022-2165\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.53-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2022-06-22T18:25:55", "type": "debian", "title": "[SECURITY] [DSA 5168-1] chromium security update", 
"bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-22T18:25:55", "id": "DEBIAN:DSA-5168-1:EEDFE", "href": "https://lists.debian.org/debian-security-announce/2022/msg00136.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2022-06-24T22:03:53", "description": "The chromium-browser-stable package has been updated to the 103.0.5060.53 branch, fixing many bugs and 14 CVEs. Some of them are listed below: Use after free in Base. (CVE-2022-2156) Use after free in Interest groups. (CVE-2022-2157) Type Confusion in V8. (CVE-2022-2158) Insufficient policy enforcement in DevTools. (CVE-2022-2160) Use after free in WebApp Provider. (CVE-2022-2161) Insufficient policy enforcement in File System API. (CVE-2022-2162) Use after free in Cast UI and Toolbar. (CVE-2022-2163) Inappropriate implementation in Extensions API. (CVE-2022-2164) Insufficient data validation in URL formatting. 
(CVE-2022-2165) Various fixes from internal audits, fuzzing and other initiatives \n", "cvss3": {}, "published": "2022-06-24T20:50:43", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-24T20:50:43", "id": "MGASA-2022-0241", "href": "https://advisories.mageia.org/MGASA-2022-0241.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-07-06T05:02:33", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.53-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {}, "published": "2022-06-22T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-07-06T03:11:00", "id": "OSV:DSA-5168-1", "href": "https://osv.dev/vulnerability/DSA-5168-1", "cvss": {"score": 0.0, "vector": "NONE"}}], "chrome": [{"lastseen": "2022-06-21T19:57:13", "description": "The Chrome team is delighted to announce the promotion of Chrome 103 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.\n\nChrome 103.0.5060.53 contains a number of fixes and improvements -- a list of changes 
is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/102.0.5005.115..103.0.5060.53?pretty=fuller&n=10000>). Watch out for upcoming[ ](<https://chrome.blogspot.com/>)[Chrome](<https://chrome.blogspot.com/>) and[ Chromium](<https://blog.chromium.org/>) blog posts about new features and big efforts delivered in 103.\n\n\n\n\n Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [14](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-0-M103>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$NA][[1335458](<https://crbug.com/1335458>)] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11\n\n[$20000][[1327312](<https://crbug.com/1327312>)] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19\n\n[$7500][[1321078](<https://crbug.com/1321078>)] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29\n\n[$3000][[1116450](<https://crbug.com/1116450>)] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14\n\n[$3000][[1330289](<https://crbug.com/1330289>)] Medium CVE-2022-2161: Use after free in WebApp Provider. 
Reported by Zhihua Yao of KunLun Lab on 2022-05-30\n\n[$2000][[1307930](<https://crbug.com/1307930>)] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19\n\n[$7000][[1308341](<https://crbug.com/1308341>)] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21\n\n[$1000][[1268445](<https://crbug.com/1268445>)] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by Jos\u00e9 Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10\n\n[$500][[1250993](<https://crbug.com/1250993>)] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1338205](<https://crbug.com/1338205>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). 
The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\nPrudhvikumar Bommana \n\n\nGoogle Chrome", "cvss3": {}, "published": "2022-06-21T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-21T00:00:00", "id": "GCSA-8599707099132100813", "href": "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2022-06-29T20:16:27", "description": "### *Detect date*:\n06/23/2022\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-2156](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2156>) \n[CVE-2022-2164](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2164>) \n[CVE-2022-30192](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30192>) \n[CVE-2022-2158](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2158>) \n[CVE-2022-2161](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2161>) \n[CVE-2022-2157](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2157>) \n[CVE-2022-2165](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2165>) 
\n[CVE-2022-2160](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2160>) \n[CVE-2022-33638](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33638>) \n[CVE-2022-2162](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2162>) \n[CVE-2022-2163](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2163>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-06-23T00:00:00", "type": "kaspersky", "title": "KLA12572 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-30192", "CVE-2022-33638"], "modified": "2022-06-24T00:00:00", "id": "KLA12572", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12572/", "cvss": {"score": 0.0, "vector": "NONE"}}]}